package com.school.filter;

import com.school.model.Permission;
import com.school.service.UserService;
import com.school.service.impl.UserServiceImpl;
import com.school.util.ResponseJsonUtil;
import com.school.vo.R;
import com.school.vo.UserRolesVo;

import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

//拦截所有的请求
@WebFilter("/*")
public class CheckSigninFilter implements Filter {

    UserService userService = new UserServiceImpl();

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        // Context : 整个程序中|数据库(增加数据库的压力)|缓存(Redis)
        // 怎么存：键(用户名)值(标识)对
        String requestURI = request.getRequestURI(); // /student/get
        System.err.println(requestURI);
        switch (requestURI) {
            case "/signin": // 直接放行
                filterChain.doFilter(servletRequest, servletResponse);
                break;
            default: // 怎么取：根据键(用户名)
                // 获取token
                String token = request.getHeader("token");
                if (token != null) {
                    // 从上下文取出标识
                    String tokenValue = (String) request.getServletContext().getAttribute(token);
                    // 判断如果tokenValue！=null就证明登陆过
                    if (tokenValue != null) {
                        // 从上下文取出的token的值再去取出id
                        Integer id = (Integer) request.getServletContext().getAttribute(tokenValue);
                        // 根据id去查询当前用户的权限
                        UserRolesVo permission = userService.getPermission(id);
                        // 循环判断当前用户的权限中url字段，和requestURI做对比
                        boolean access = false;
                        for (Permission auth : permission.getAuths()) {
                            if (requestURI.equals(auth.getUrl())) {
                                // 只要有一个相等就证明有权限访问
                                access = true;
                                break;
                            }
                        }
                        if (access){
                            filterChain.doFilter(servletRequest, servletResponse);
                        }else {
                            ResponseJsonUtil.write(response, R.err("没有权限"));
                        }
                        // filterChain.doFilter(servletRequest, servletResponse);
                    } else {
                        ResponseJsonUtil.write(response, R.err("登录已经过期"));
                    }

                } else {
                    ResponseJsonUtil.write(response, R.err("未登录，请登录"));
                }
        }
    }

    @Override
    public void destroy() {
    }
}
